CA Token 처리 추가 및 코드정리

This commit is contained in:
cho
2026-01-08 11:12:10 +09:00
parent 6689d979da
commit 4c5a9efcc4
9 changed files with 6 additions and 244 deletions
@@ -19,6 +19,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;
import com.eactive.eai.adapter.http.dynamic.filter.JwtAuthException;
import com.eactive.eai.authserver.service.BearerTokenService;
import com.eactive.eai.authserver.service.OAuth2Manager;
import com.eactive.eai.common.util.Logger;
import com.eactive.eai.common.util.MessageUtil;
@@ -85,22 +86,6 @@ public class BearerTokenContoller {
}
}
// // 서비스용 Bearer Token 발급
// @PostMapping("/service")
// public ResponseEntity<?> issueFileToken(@RequestBody Map<String, String> req) {
// String fileId = req.get("fileid");
//
// String token = tokenService.generateFileToken(fileId);
//
// Map<String, String> tokenMap = new HashMap<>();
// tokenMap.put("token_type", "Bearer");
// tokenMap.put("file_token", token);
// tokenMap.put("expires_in", "599");
// tokenMap.put("expires_on", "1575593514");
// tokenMap.put("resource", fileId);
//
// return ResponseEntity.ok(tokenMap);
// }
private void veryfyClient(ClientDetails clientDetails, String clientSecret, Set<String> scopeSet) throws JwtAuthException {
if (!StringUtils.equals(clientDetails.getClientSecret(), clientSecret)) {
throw new JwtAuthException("invalid_client", "Bad client credentials(client_secret is empty or not match)");
@@ -1,77 +0,0 @@
package com.eactive.eai.authserver.custom;
import java.io.IOException;
import java.util.Arrays;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.json.simple.JSONObject;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;
import com.eactive.eai.adapter.http.dynamic.filter.JwtAuthException;
import com.eactive.eai.common.util.Logger;
import com.eactive.eai.common.util.MessageUtil;
@Component
public class BearerTokenFilter extends OncePerRequestFilter{
public static Logger logger = Logger.getLogger(Logger.LOGGER_DEFAULT);
private final BearerTokenService tokenService;
public static final String ERROR_AUTHENTICATION_FAIL = "E.AUTHENTICATION_FAIL";
public static final String ERROR_AUTHORIZATION_FAIL = "E.AUTHORIZATION_FAIL";
public static final String ERROR_TOKEN_EXPIRED = "E.TOKEN_EXPIRED";
public BearerTokenFilter(BearerTokenService tokenService) {
this.tokenService = tokenService;
}
@Override
protected void doFilterInternal(HttpServletRequest request,
HttpServletResponse response,
FilterChain filterChain) throws IOException, ServletException {
try {
String auth = request.getHeader("Authorization");
if (auth != null && auth.startsWith("Bearer ")) {
String token = auth.substring(7);
String clientId = null;
String fileId = null;
if (tokenService.validateCA(token)) {
clientId = tokenService.getClientIdFromCA(token);
} else {
throw new JwtAuthException(ERROR_AUTHENTICATION_FAIL, "Access token is invalid or expired");
}
// if (fileId != null) {
// UsernamePasswordAuthenticationToken authentication =
// new UsernamePasswordAuthenticationToken(fileId, null, Arrays.asList());
// SecurityContextHolder.getContext().setAuthentication(authentication);
// }
}
filterChain.doFilter(request, response);
} catch (JwtAuthException jae) {
logger.debug(jae.getMessage());
String errorJson = MessageUtil.makeJsonErrorMessage(MessageUtil.ERROR_CODE_AUTH_FAIL, jae.getMessage());
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
response.setContentType("application/json;charset=UTF-8");
response.getWriter().write(errorJson);
} catch (Exception e) {
logger.error(e.getMessage());
String errorJson = MessageUtil.makeJsonErrorMessage(MessageUtil.ERROR_CODE_AP_ERROR, e.getMessage());
response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
response.setContentType("application/json;charset=UTF-8");
response.getWriter().write(errorJson);
}
}
}
@@ -1,49 +0,0 @@
package com.eactive.eai.authserver.custom;
import java.util.Set;
import com.fasterxml.jackson.annotation.JsonProperty;
public class BearerTokenInfo {
@JsonProperty("client_id")
private String clientId;
private Long expiresIn;
private Long expiresAt;
private Set<String> scopeSet;
public String getClientId() {
return clientId;
}
public void setClientId(String clientId) {
this.clientId = clientId;
}
public Long getExpiresIn() {
return expiresIn;
}
public void setExpiresIn(Long expiresIn) {
this.expiresIn = expiresIn;
}
public Long getExpiresAt() {
return expiresAt;
}
public void setExpiresAt(Long expiresIn) {
this.expiresAt = System.currentTimeMillis() + (expiresIn * 1000);
}
public Set<String> getScopeSet() {
return scopeSet;
}
public void setScopeSet(Set<String> scopeSet) {
this.scopeSet = scopeSet;
}
public boolean isExpired() {
return System.currentTimeMillis() > expiresAt;
}
}
@@ -1,97 +0,0 @@
package com.eactive.eai.authserver.custom;
import java.security.SecureRandom;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import java.util.stream.Collectors;
import java.util.stream.IntStream;
import org.springframework.stereotype.Service;
@Service
public class BearerTokenService {
// CA 토큰 저장소
private final Map<String, BearerTokenInfo> CATokenStore = new ConcurrentHashMap<>();
// File 토큰 저장소
private final Map<String, String> fileTokenStore = new ConcurrentHashMap<>();
// // FileTransfer 토큰 저장소
// private final Map<String, String> fileTransferTokenStore = new ConcurrentHashMap<>();
public String generateCAToken(String clientId, Long expiresIn, Set<String> scopeSet) {
String token = UUID.randomUUID().toString();
BearerTokenInfo CATokenInfo = new BearerTokenInfo();
CATokenInfo.setClientId(clientId);
CATokenInfo.setExpiresIn(expiresIn);
CATokenInfo.setExpiresAt(expiresIn);
CATokenInfo.setScopeSet(scopeSet);
CATokenStore.put(token, CATokenInfo);
return token;
}
public String generateFileToken(String fileId) {
//String token = UUID.randomUUID().toString().replace("-", "");
String token = generateTokenString(987);
fileTokenStore.put(token, fileId);
return token;
}
// public String generateFileTransferToken(String fileId) {
// //String token = UUID.randomUUID().toString().replace("-", "");
// String token = generateTokenString(654);
// fileTransferTokenStore.put(token, fileId);
// return token;
// }
public boolean validateCA(String token) {
BearerTokenInfo CATokenInfo = CATokenStore.get(token);
if (CATokenInfo == null) return false;
if (CATokenInfo.isExpired()) {
CATokenStore.remove(token);
return false;
}
return CATokenStore.containsKey(token);
}
public boolean validateFile(String token) {
return fileTokenStore.containsKey(token);
}
// public boolean validateFileTransfer(String token) {
// return fileTransferTokenStore.containsKey(token);
// }
public String getClientIdFromCA(String token) {
BearerTokenInfo CATokenInfo = CATokenStore.get(token);
return CATokenInfo.getClientId();
}
public String getFileIdFromFile(String token) {
return fileTokenStore.get(token);
}
// public String getFileIdFromFileTransfer(String token) {
// return fileTransferTokenStore.get(token);
// }
private static final String CHARACTERS = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
private static final SecureRandom secureRandom = new SecureRandom();
public static String generateTokenString(int length) {
// Java 8의 IntStream과 Collectors.joining을 사용한 효율적인 방법
return IntStream.range(0, length)
.map(i -> secureRandom.nextInt(CHARACTERS.length()))
.mapToObj(CHARACTERS::charAt)
.map(String::valueOf)
.collect(Collectors.joining());
}
}